Re: [PATCH nf-next v2] netfilter: nf_defrag_ipv4: Skip defrag if NOTRACK is set

2017-12-21 Thread Subash Abhinov Kasiviswanathan
Can we get the same thing for IPv6, for symmetry? Thanks! Hi Pablo Yes, I can include IPv6 in v3. -- Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, a Linux Foundation Collaborative Project

Re: Distress Call Please don't ignore

2017-12-21 Thread Sandra Younes
Good Day, Forgive my indignation if this message comes to you as a surprise and may offend your personality for contacting you without your prior consent and writing through this channel. I came across your name and contact on the course of my personal searching when I was searching for a

Re: [PATCH] netfilter : add NAT support for shifted portmap ranges

2017-12-21 Thread Thierry Du Tre
On 20/12/2017 at 23:16, Pablo Neira Ayuso wrote: On Wed, Dec 20, 2017 at 01:28:09PM +0100, Thierry Du Tre wrote: This is a patch proposal to support shifted ranges in portmaps. (i.e. tcp/udp incoming port 5000-5100 on WAN redirected to LAN 192.168.1.5:2000-2100) Currently DNAT only works for

Re: [PATCH nf-next v2] netfilter: nf_defrag_ipv4: Skip defrag if NOTRACK is set

2017-12-21 Thread Pablo Neira Ayuso
Hi Subash, On Tue, Dec 19, 2017 at 02:42:19PM -0700, Subash Abhinov Kasiviswanathan wrote: > conntrack defrag is needed only if some module like CONNTRACK or NAT > explicitly requests it. For plain forwarding scenarios, defrag is > not needed and can be skipped if NOTRACK is set in a rule. > >

Re: [PATCH nf] netfilter: uapi: correct UNTRACKED conntrack state bit number

2017-12-21 Thread Pablo Neira Ayuso
On Wed, Dec 20, 2017 at 12:08:33PM +0100, Florian Westphal wrote: > nft_ct exposes this bit to userspace. This used to be > > #define NF_CT_STATE_UNTRACKED_BIT (1 << (IP_CT_NUMBER + 1)) > (IP_CT_NUMBER is 5, so this was 0x40) > > .. but this got changed to 8 (0x100) when the

Re: [PATCH] ebtables: Add filter for matching on a string

2017-12-21 Thread Pablo Neira Ayuso
On Thu, Dec 21, 2017 at 09:17:27AM +0100, Pablo Neira Ayuso wrote: > Hi again, > > On Thu, Dec 21, 2017 at 01:08:52AM +0100, Pablo Neira Ayuso wrote: > > > diff --git a/net/bridge/netfilter/ebt_string.c > > > b/net/bridge/netfilter/ebt_string.c > > > new file mode 100644 > > > index

Re: [PATCH] ebtables: Add filter for matching on a string

2017-12-21 Thread Pablo Neira Ayuso
Hi again, On Thu, Dec 21, 2017 at 01:08:52AM +0100, Pablo Neira Ayuso wrote: > > diff --git a/net/bridge/netfilter/ebt_string.c > > b/net/bridge/netfilter/ebt_string.c > > new file mode 100644 > > index ..66770506d3a3 > > --- /dev/null > > +++ b/net/bridge/netfilter/ebt_string.c > >

Re: [PATCH iptables] extensions: Add macro _DEFAULT_SOURCE.

2017-12-21 Thread Pablo Neira Ayuso
On Thu, Dec 21, 2017 at 09:05:45AM +0530, Varsha Rao wrote: > Define _DEFAULT_SOURCE as _BSD_SOURCE is deprecated. > https://sourceware.org/glibc/wiki/Release/2.20#Packaging_Changes > > This patch fixes the following warning: > > warning: #warning "_BSD_SOURCE and _SVID_SOURCE are deprecated,

Re: [PATCH iptables] iptables: Remove const qualifier from struct option.

2017-12-21 Thread Pablo Neira Ayuso
On Thu, Dec 21, 2017 at 09:05:44AM +0530, Varsha Rao wrote: > As opts is reassigned multiple times, it cannot be made constant. > So remove const qualifier from structure option. This patch fixes the > following warning: > > warning: initialization discards ‘const’ qualifier from pointer target >